lp:~henn/apparmor/fix-for-1665535
- Get this branch:
- bzr branch lp:~henn/apparmor/fix-for-1665535
Branch merges
- Christian Boltz: Approve
- intrigeri: Approve
- Jamie Strandboge: Approve
- Steve Beattie: Pending requested
-
Diff: 10 lines (+3/-0)1 file modifiedprofiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia (+3/-0)
Related bugs
Bug #1665535: WebRTC webcam support broken in firefox due to apparmor | Undecided | Fix Released |
Related blueprints
Branch information
Recent revisions
- 3631. By Jay Hennessey
-
* Fix LP: #1665535 - Enable camera access in browser apparmor profile for WebRTC
- 3630. By Steve Beattie
-
regression tests: fix environ fail case
In the environ regression test, when the exec() of the child process
fails, we don't report FAIL to stdout, so the regression tests consider
it an error rather than a failure and abort, short-circuiting the
test script.This commit fixes this by emitting the FAIL message when the result
from the wait() syscall indicates the child process did not succeed.Signed-off-by: Steve Beattie <email address hidden>
Acked-by: Seth Arnold <email address hidden> - 3629. By Christian Boltz
-
Rename global variable "pid" to "log_pid"
aa.py has a global variable "pid", but it also has several functions
that use "pid" as a local variable name. do_logprof_pass() even uses
both - first, it passes the global variable to ReadLog, and then it
creates a local variable in the "for pid in ..." loop.This patch renames the global variable to log_pid to get rid of the
confusion.Note that the global variable is only handed over to ReadLog, and the
only case where its previous content _might_ be used is aa-genprof which
does multipe do_logprof_pass() runs.Maybe we could even get rid of this variable in aa.py and make it local
to the ReadLog class, but I'm not sure if that would affect aa-genprof
in interesting[tm] ways.Acked-by: John Johansen <email address hidden>
- 3628. By Christian Boltz
-
Dovecot profile: change Px to mrPx for /usr/lib/dovecot/*
Some of the /usr/lib/dovecot/* rules already have mrPx permissions,
while others don't.With a more recent kernel, I noticed that at least auth, config, dict,
lmtp, pop3 and ssl-params need mrPx instead of just Px (confirmed by the
audit.log and actual breakage caused by the missing mr permissions).The mr additions for anvil, log and managesieve are just a wild guess,
but I would be very surprised if they don't need mr.Acked-by: Seth Arnold <email address hidden> for trunk, 2.10 and 2.9.
- 3627. By Christian Boltz
-
Dovecot profile update
Add several permissions to the dovecot profiles that are needed on ubuntu
(surprisingly not on openSUSE, maybe it depends on the dovecot config?)As discussed some weeks ago, the added permissions use only /run/
instead of /{var/,}run/ (which is hopefully superfluous nowadays).References: https:/
/bugs.launchpad .net/apparmor/ +bug/1512131 Acked-by: Seth Arnold <email address hidden> for trunk, 2.10 and 2.9.
- 3626. By Kees Cook
-
glibc uses /proc/*/auxv and /proc/*/status files, too
Acked-by: Seth Arnold <email address hidden>
- 3625. By Kees Cook
-
Apache2 profile updates for proper signal handling, optional saslauth,
and OCSP staplingAcked-by: Seth Arnold <email address hidden>
- 3624. By Christian Boltz
-
Drop unused global variables in aa.py
Grepping through the code shows that running_
under_genprof,
unimplemented_warning, ALL, t, seen and skip are unused, so drop them. Acked-by: Steve Beattie <email address hidden>
Also drop a '# t = hasher()" comment, as noticed by Steve.
- 3623. By Kees Cook
-
pass LDFLAGS fully into build
Acked-by: John Johansen <email address hidden>
Signed-off-by: Tyler Hicks <email address hidden> - 3622. By Christian Boltz
-
[7/7] Drop most of aa-mergeprof ask_the_questions()
Replace most of aa-mergeprof ask_merge_
questions( ) with a call to
aa.py ask_the_questions() (which is, besides some small exceptions that
are not relevant for aa-mergeprof, in sync with the dropped code).The remaining part gets renamed to ask_merge_
questions( ) to avoid
confusion with the function name in aa.py. Also drop the (now
superfluous) parameter.aa.py ask_the_questions() needs to allow 'merge' as aamode.
While on it, replace the fatal_error() call for unknown aamode with
raising an AppArmorBug.Acked-by: Seth Arnold <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12